How To Deal With ‘Shadow IT’ In Your Organisation

Your employees have gone rogue. No, they’re not selling secrets to competitors or anything so nefarious, but they are using IT systems and services without the express knowledge of the company they work for. This is known as Shadow IT and it’s a growing problem within enterprises, made worse by the fact that business leaders seem to be turning a blind eye.

Be it putting work documents in Dropbox or a developer creating an app to streamline administrative tasks, Shadow IT is happening in many organisations. I knew a guy who worked for a psychology practice who would transcribe confidential patient interviews at home using Dragon NaturallySpeaking software.

It often happens right under the noses of managers who have either buried their heads in the sand or are simply oblivious to the issue. Either way, Shadow IT is often harmless and usually allows employees to work more efficiently, until something goes wrong. The reality is, these secret IT offerings are outside the control of IT departments that are charged with ensuring security and compliance of business data and systems. So if an incident does occur, such as the loss of a confidential work document that was stored in a user’s personal Dropbox, there’s not much an organisation can do about it.

To illustrate the nature and extent of Shadow IT in organisations, here are some facts and figures from Cisco. The data comes from Cisco’s own customers:

  • IT departments estimated their companies used 51 cloud services. In fact, there are an average of 730 cloud services in use. That’s a lot of services the IT departments were not aware of.
  • Shadow IT is growing so rapidly that Cisco anticipates that, by the end of this calendar year, employees within organisations will be using 20 times more hidden cloud services, which equates to over 1000 external cloud services per year.
  • The Shadow IT epidemic is widespread across all industries and geographies.

There’s no overarching reason why managers and IT departments have allowed the Shadow IT problem to balloon. Perhaps it’s to avoid conflict (if you want to stop being non-confrontational, we have a guide here) or because the unauthorised applications are actually making work life better for employees. If it’s the latter, then maybe it’s time to re-evaluate your organisation’s procurement arrangements.

“[Procurement] processes have been around for decades and now they must be re-thought and re-designed,” Ipswitch vice president of international sales, Alessandro Porro, said. His company creates IT management software.

“The needs of the staff who are operating in the shadow also need to be considered. Organisations need to focus on these needs and consider what is needed to make employees more efficient, more effective and ultimately happier while moving out of the shadow.”

Having an open dialogue with employees is important. Most workers don’t want to deliberately break the rules but may feel like they have no choice because the IT provided by their companies is so inadequate. Understanding the gripes of these workers is a crucial step in remedying Shadow IT.

Completely getting rid of Shadow IT would require infrastructure and services that are flexible enough to please users and satisfy business requirements. Why not try building your own services to compete with Shadow IT?

According to VMware business solutions strategist in EMEA, Sean Harris, this is entirely possible through a private cloud model; it’s just that most traditional organisations lack the key skills and organisational components to do so. But if you’re willing to invest in creating the organisational structure, developing in-house development skills and implementing the processes required to provide IT-as-a-service to your workers, it will be beneficial in the long run.

“In the end, customers will always choose the services that best meet their needs and cause them the least amount of pain, be it financial or operational,” Harris said in a blog post.

“Working to become your business’ preferred service provider will likely take time and resources, but in the long run, it can mean the difference between a role as a strategic partner to the business or the eventual extinction of the IT department as an antiquated cost center.”


  • Engage, engage, engage.

    I think it all comes down to staff relationships. You can set up the best controls to control access, but this will be useless the next day when a brand new cloud offering opens their doors.

    This will continue to be a struggle for many organisations in the future. Personally I try and engage with all levels of the business so I’m in the know when they want to evaluate a new product, etc. Every now and again I find out about evaluations after the fact, but this has been improving thanks to my staff relationships.

    On an unrelated note Panda, I love all the enterprise IT articles you have been writing. Keep it up!

  • Don’t fight Cloud and SaaS by spending more money on garbage internal IT. Embrace what is out there in cloud and SaaS and start focusing on business optimisation. Do that instead of the massive distraction of running software and hardware in-house and its associated problems including replacement cycles, IT empire building and dependency on inelastic internal ICT resources. As modular SaaS with app stores matures internal IT will get increasingly irrelevant as business units can organise their own IT.

    • That’s all very well, but you need some structure and control and that is the problem with ‘Shadow IT’.

      When business loses untold hours of time and intellectual property because someone who knows better than the IT department uses some random Cloud solution then loses control of it, it turns into a nightmare.

      As an example of what you can expect, tried calling someone like Telstra recently to get something that should be fairly basic resolved?
      Sat on hold for ever only to be disconnected?
      Finally got through to someone but just could not convey to them what the nature of the issue actually is (due to their lack of understanding of what they are supporting and somewhat of a language barrier).
      Then once you thought you succeeded found out later nothing was actioned... went through the entire process again and discovered zero notes were taken and they can’t even find the job ticket?

      That’s what you can expect to happen when dealing with a very large segment of the Cloud solutions market, it’s the same experience.

      These services are awesome until they shit themselves then it’s no one’s responsibility and getting a resolution in anything resembling a timely fashion is like winning the lottery.

      I know there’s a bit of Telstra bashing here but as an example we have had a client recently try to port a phone number, Telstra stuffed it as they seem to do on every occasion and it took 5 months to resolve completely – absolutely beyond belief – now imagine if it was the CEO’s mailbox on their Office 365 account that was resold to you through Telstra….

      The point is someone needs to oversee your IT solutions otherwise all bets are off. I don’t mean to say the Cloud is the Devil, it could be the best thing you ever do IT wise, but it can easily blow up in your face too.


  • My favourite part is when a rogue app becomes entrenched in a particular business unit, to the point where they can’t function without it. Then something goes wrong, and the help desk gets to tell them to take a hike.

  • Yeah, because help desk’s job is to enforce the “IT rules”, not to actually help with business processes or productivity, nor to question why the “rogue” app is preferred to “official” apps or do anything proactive about supporting alternatives.

    • Just like the change process is there to be ignored right 😉

      Sure, we’ll support your app, that we’ve never heard of before, have no processes or knowledge around, expertise on or access to, and aren’t being paid to support. Oh you need it fixed now? We’ll get riiight onto that.

  • “There’s no overarching reason why managers and IT departments have allowed the Shadow IT problem to balloon.”

    I think that’s part of the problem right there — IT thinking it can and should be the arbiter of what is “allowed”.

    Simply put, you can’t stop cashed-up business users/managers from buying their own cloud services. Not unless you have an IT practice so draconian it controls every single tech purchase.

    I guess this echoes kal0psia’s comments, but IT has to understand that their value to business is in being a trusted adviser, not a controlling overlord.

  • ‘Shadow IT’ comes about because of one main reason, IT thinks it knows everyone else’s job (and in reality they don’t even know theirs). Employees don’t go out and get a cloud service because they want to, they don’t go out and get a printer to put in their desk because they want to, they do it because they feel as though they HAVE to. Too many organisations allow their IT department to run their can’t do this you can’t do that.. this is a great way to get into the red.. at the end of the day your sales people need to sell, marketers need to go to market, if your IT department is not giving them the tools to do the job efficiently then they will (and should) go out and get them.

    IT people complaining about “shadow IT” should realise this: You are not doing your job, and if the salespeople stop going out and getting what they need to do theirs then sales stop, which means you lose your job.

    I have over 20 years’ experience in IT, and if you want to know why your company is losing stock price while startups are growing, read the above, it is unlikely to be THE reason, but it is certainly ONE of the reasons, and the mindset that this is OK is likely a factor in ALL the reasons why you are losing value.
